Your organizations information is at risk. Learn how to protect it at SANS Minneapolis - August 12-17.


Michael Lombardi

Mike Lombardi is the founder and president of Vertigrate, a boutique consulting firm which conducts digital forensic investigations of all types for law firms and their clients around the country. Mike performs incident response, as well as proactive vulnerability assessments, security architecture, and information policy reviews.

Mike has served on the GIAC Advisory Board since earning his first GIAC certification, the GCFE, in 2011.  He is active in the local Phoenix security community and holds elected positions in the Arizona chapter of the High Technology Crimes Investigation Association (HTCIA) and the Phoenix ISSA chapter.

Mike has spoken at both local and national conferences regarding various digital forensics and incident response topics, including at the SANS SIEM & Tactical Analytics and SANS Blue Team Summits.  He has presented alongside the FBI and holds the GCFE, GREM, GCIH, GPEN, CISSP, CISM and CCME.

Mike fell into his career as a paralegal with an aptitude for information systems.  Early in his career, spearheaded the implementation of core Microsoft technologies like Active Directory, Exchange and SQL, and remote connectivity solutions like MPLS and VPN.  When Mike wasn?t helping the law firm open new offices, he was in the hot seat as a trial presentation tech assisting attorneys on lengthy multimillion-dollar litigation cases.

As a digital forensics practitioner, Mike has worked a broad range of cases from basic employee data theft to the identification and remediation of advanced persistent threat campaigns across hundreds of machines.  In the latter case, Mike quickly identified six actively compromised machines and nearly 200 affected machines out of a population of 900 using the PowerShell collector he wrote and later presented at the SANS Blue Team Summit. 

Mike is happiest when diving into the bits of a case; whether it be mobile, memory, live response, dead box, network or malware.  Each case presents its own set of new challenges; including communicating his findings to clients. 

?If there is anything that being a courtroom consultant taught me is that everyone brings their own filters and experiences when consuming new information.  You can?t make assumptions.  Establishing a common ground is key to building a proper understanding, especially when it comes to something as complex as digital forensics.?